The evaluation of computer systems has been an important issue for many years, as evidenced by the introduction of industry evaluation guides such as the Rainbow Books and the more recent Common Criteria for IT Security Evaluation. As organizations depend on the Internet for their daily operations, the need for evaluation is even more apparent due to new security risks. It is not uncommon for large organizations to evaluate different systems, such as operating systems, to identify which would best fit their security policy. Each system would undoubtedly use different methods to represent access control policies. The security policy would therefore need to be translated into specific access control policies that each system understands, which is challenging when large and complex systems are involved. In this paper, we focus on the evaluation of operating systems. We describe Chameleos, a policy specification language that is designed to specify the access control policies of multiple operating systems. The strength of Chameleos is its flexibility to cater to many operating systems, while remaining sufficiently extensible to support the specific features of each system. We describe the design and architecture of Chameleos, and demonstrate that Chameleos can flexibly and effectively represent the access control policies of grsecurity and SELinux - two very different systems.